So I noticed today several attempts to access port 80 (www) via TCP that
were blocked with IPF. What I'm not sure of is if this was a hack attempt
or not. They came in quick bursts off and on for a few hours. An example
of the type of packets is:

len 20 40 -A
len 20 40 -A
len 20 503 -AP
len 20 40 -R
len 20 40 -R
len 20 40 -R
len 20 40 -A
len 20 503 -AP
len 20 40 -A

Is this normal to not see any packets with the SYN flag? I was blocking
everything to that port on that machine so I'd have seen S as well if it
were set.
Thanks
-Dan